- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable

[openssh.git] / monitor.c

diff --git a/monitor.c b/monitor.c
index 24ad0b79407038b510d02c6da8b20e40dd4f39b4..502d54efa62bc7927053a13210a6e7e7cca8db63 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -25,14 +25,22 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.69 2006/03/07 09:07:40 djm Exp $");
 
-#include <openssl/dh.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#include <signal.h>
 
 #ifdef SKEY
 #include <skey.h>
 #endif
 
+#include <openssl/dh.h>
+
 #include "ssh.h"
 #include "auth.h"
 #include "kex.h"
@@ -196,7 +204,7 @@ struct mon_table mon_dispatch_proto20[] = {
 #endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
+    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
 #endif
 #ifdef SKEY
     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
@@ -237,7 +245,7 @@ struct mon_table mon_dispatch_proto15[] = {
     {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
+    {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH, mm_answer_bsdauthrespond},
 #endif
 #ifdef SKEY
     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
@@ -537,7 +545,11 @@ mm_answer_sign(int sock, Buffer *m)
        keyid = buffer_get_int(m);
        p = buffer_get_string(m, &datlen);
 
-       if (datlen != 20)
+       /*
+        * Supported KEX types will only return SHA1 (20 byte) or 
+        * SHA256 (32 byte) hashes
+        */
+       if (datlen != 20 && datlen != 32)
                fatal("%s: data length incorrect: %u", __func__, datlen);
 
        /* save session id, it will be passed on the first call */
@@ -1621,6 +1633,7 @@ mm_get_kex(Buffer *m)
        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
        kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+       kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
        kex->server = 1;
        kex->hostkey_type = buffer_get_int(m);
        kex->kex_type = buffer_get_int(m);
@@ -1829,7 +1842,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
        buffer_clear(m);
        buffer_put_int(m, major);
 
-       mm_request_send(sock,MONITOR_ANS_GSSSETUP, m);
+       mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
 
        /* Now we have a context, enable the step */
        monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
@@ -1842,7 +1855,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
 {
        gss_buffer_desc in;
        gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
-       OM_uint32 major,minor;
+       OM_uint32 major, minor;
        OM_uint32 flags = 0; /* GSI needs this */
        u_int len;
 
@@ -1859,7 +1872,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
 
        gss_release_buffer(&minor, &out);
 
-       if (major==GSS_S_COMPLETE) {
+       if (major == GSS_S_COMPLETE) {
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -1908,7 +1921,7 @@ mm_answer_gss_userok(int sock, Buffer *m)
        debug3("%s: sending result %d", __func__, authenticated);
        mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
 
-       auth_method="gssapi-with-mic";
+       auth_method = "gssapi-with-mic";
 
        /* Monitor loop will terminate if authenticated */
        return (authenticated);